Notifications
Clear all
Topic starter
A security analyst notices a number of SIEM events that show the following activity:
Which of the following response actions should the analyst take FIRST?
- A . Disable powershell.exe on all Microsoft Windows endpoints.
B. Restart Microsoft Windows Defender.
C. Configure the forward proxy to block 40.90.23.154.
D. Disable local administrator privileges on the endpoints.
Suggested Answer: C
Explanation:
top the data exfiltration and sever all malicious traffic first, and then clean up the internal mess.
Explanation:
top the data exfiltration and sever all malicious traffic first, and then clean up the internal mess.
Posted : 21/01/2023 7:07 am